Follow ZDNET: Add us as a preferred source on Google.
ZDNET’s key takeaways
- Ubuntu Core offers stronger security than ever.
- Core is great for IoT or edge devices in the EU.
- This Linux distro comes with 15 years of support.
You want a rock-solid Linux distro that you can count on for 15 years for edge computing and Internet of Things (IoT) devices? Check out Ubuntu Core 26, Canonical’s latest long-term support (LTS) distribution for mission‑critical and low‑latency AI workloads.
Also: Microsoft surprises with its first server Linux distribution: Azure Linux 4.0
For those unfamiliar with Ubuntu Core, it’s a stripped-down, embedded Linux OS that takes regular Ubuntu and turns it into a minimal, containerized system, where the kernel, base OS, and apps are all delivered as snaps. Ubuntu Core targets IoT, industrial, robotics, digital signage, appliances, and other edge deployments where you want predictable behavior, remote management, and robust over-the-air (OTA) updates rather than a general-purpose server or desktop.
Linux that’s safe to use until 2041
Canonical is positioning Ubuntu Core as a hardened Linux distribution for devices that must run unattended for years. As with previous Core releases, each component is delivered as a sandboxed, cryptographically signed snap, maintaining a measured boot chain that only runs verified code. This is a Linux you can trust to run safely until 2041.
That’s no small matter, since emerging security regulations, especially the EU Cyber Resilience Act (CRA), require clear component provenance, long-term stability, and accountability across the stack. As Jon Seager, Canonical’s VP of Ubuntu Engineering, said in a blog post: “With Ubuntu Core 26, we continue to deliver the foundation that critical infrastructure operators need to meet the CRA, run attested, immutable edge AI workloads, and manage devices securely at scale.”
Also: The 4th Linux kernel flaw this month can lead to stolen SSH host keys
A major theme in Ubuntu Core 26 is cutting the cost and friction of provisioning and maintaining large device fleets. Canonical says an improved snap‑delta format reduces OTA update sizes by 50% to 90% for most snaps, with updates to Core base snaps shrinking from around 16MB to just 1.5MB. In addition, new initramfs‑based installation paths avoid redundant reboots by default, speeding up first‑boot provisioning and making device rollout faster and more predictable.
Ubuntu Core 26 also debuts a Chisel‑based build system that Canonical calls a new “precision‑led” approach to constructing Core base snaps. Chisel is a developer tool for extracting highly customized, specialized package slices from Ubuntu packages to create compact, secure software.
In Chisel, instead of relying on layered recipes and post‑processing, the new system uses release‑specific “slice” definitions with explicit, traceable dependencies, allowing every file in the filesystem to be tied back to a specific slice and source package. Canonical says this improves integrity checking and vulnerability triage by giving operators finer‑grained visibility into the origins of a given component and its dependencies. The Chisel pipeline also delivers size savings, contributing to a reported 7% reduction in the base image footprint.
At the bootloader layer, Ubuntu Core 26 shifts u‑boot configuration into a single raw partition with redundant environment support. This approach makes updates to both u‑boot and snapd safer and more reliable while avoiding recovery issues tied to file‑based storage.
Lower risk of security-key compromise
On the technical side, the new Core introduces foundational changes to full‑disk encryption. TPM‑sealed keys are now stored directly in the Linux Unified Key Setup (LUKS2) header. This setup reduces the risk of key reuse across different device states. New native OP‑TEE integration brings ARM TrustZone‑backed key protection to embedded deployments. Sealing and unsealing disk encryption keys in the Trusted Execution Environment rather than in the normal operating system reduces the risk of security-key compromise.
Also: Red Hat Desktop vs. Fedora Hummingbird: Which AI development Linux path is right for you?
Beyond the base operating system, new and updated system snaps aim to accelerate device deployment. Specifically, the Snapcraft build tool gains a major feature called components. This feature packages large or optional resources (such as debug symbols, translations, or optional drivers) alongside the main snap without inflating the base installation. First tested in Ubuntu Core 24 to deliver Nvidia drivers, the components are now open to the wider snap ecosystem.
Canonical is also extending its Livepatch service to more of the Core ecosystem. With the dual release of Ubuntu 26.04 LTS and Ubuntu Core 26, Livepatch’s reboot‑less kernel updates now reach ARM64 for the first time and gain official support on AMD64 across all Ubuntu Core releases from Core 20 onward. The company pitches this shift as a way to meet CRA expectations for timely vulnerability remediation without taking critical edge devices offline.
Embedded Linux for the EU
On the graphical side, Ubuntu Frame, Core’s display server for embedded graphical applications, now supports multiple apps on a single display, with configurable layouts, custom client placement, and an accessibility launcher. Graphics‑intensive workloads benefit from the new GPU-2604 interface, which provides hardware acceleration for Core 26 applications and is supported by a new Snapcraft extension that simplifies graphics integration.
Also: Canonical’s approach to AI is refreshingly thoughtful – Microsoft should take note
Canonical also said it is assuming “manufacturer” responsibilities for the operating system under the CRA. That’s no small matter, since Canonical stands behind the long‑term security maintenance for core modules, continuous Common Vulnerabilities and Exposures (CVE) monitoring, coordinated disclosure, and adherence to standards, such as IEC 62443‑4‑1. This approach, combined with built-in software traceability and modularity, is presented as a tool for defining clear boundaries of responsibility among Canonical, device makers, and application vendors. That stance is essential for selling devices in the EU under the CRA.
So, while Ubuntu Core isn’t for everyone, I guarantee you that if your company wants to sell IoT or edge gear in the EU, this new embedded Linux has exactly what you need to pass the CRA and thus be marketable in Europe.